Walt Mankowski on 18 Aug 2018 05:15:09 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...


On Fri, Aug 17, 2018 at 06:44:02PM -0400, Rich Kulawiec wrote:
> On Fri, Aug 17, 2018 at 03:42:27PM -0400, Fred Stluka wrote:
> > As you may have noticed, there's been a massive upswing in hacking
> > attempts from China in the past couple weeks.?? My servers now get
> > hit an additional hundreds or thousands of times per day.?? You may
> > want to check your logs and beef up your security.
> 
> Why are you allowing network traffic from China to get anywhere near
> your servers?  You should have permanently firewalled out the entire
> country years ago, using the blocks carefully maintained here:
> 
> 	Okean - The Goods
> 	https://www.okean.com/thegoods.html
> 
> Drop those into your configuration.  Update once a month.  And stop
> fooling around with half-ass measures like fail2ban.

Thanks for posting that link. The list with both the Chinese and
Korean addresses contains nearly 6000 blocks. Can iptables handle that
many rules without performance problems?

Walt

Attachment: signature.asc
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug